Deployment

elDoc deployment steps on Rocky Linux 8 / RedHat Linux 8


1. General assumptions

1.1. SELinux subsystem

This guide assumes that SELinux is disabled; deployment steps specific to SELinux are therefore not covered. If you need to keep SELinux enabled, make the necessary adjustments according to your needs and follow the SELinux documentation.

To disable SELinux, perform the following steps:

1) Edit file /etc/selinux/config

nano /etc/selinux/config

2) Locate the line with the SELINUX= parameter and set it as follows

SELINUX=disabled

3) Save file, exit editor and execute command:

setenforce 0


1.2. Folders structure

It is assumed that installation will be performed in the directory /local.

The folder structure is the following:

/local
|--elDoc
|--java
|--jmc
|--mongo
|--mongoData
|--tessData
|--solr
|--solrData

IMPORTANT: deciding on and selecting the deployment identifier

Before starting with the steps below, decide on the system name to be used for the current elDoc deployment, e.g. for a production environment use a name like prd01, for a testing environment uat01, etc.

Once you have decided on the identifier, replace the cidXXX identifier in the steps below with the system name you have chosen for your deployment.


2. Java installation

Steps below assume that you have downloaded Azul Zulu Java archive named zulu11.60.19-ca-jre11.0.17-linux_x64.tar.gz

1) Create directory and un-tar archive

mkdir /local/java && tar -xvzf zulu11.60.19-ca-jre11.0.17-linux_x64.tar.gz -C /local/java
ln -sfn /local/java/zulu11.60.19-ca-jre11.0.17-linux_x64/ /local/java/java_active

3) Set as default java runtime

alternatives --remove-all java
alternatives --install /usr/bin/java java /local/java/java_active/bin/java 1

4) Configure Environment Variables

nano /etc/profile.d/java.sh
/etc/profile.d/java.sh
export JRE_HOME=/local/java/java_active
export PATH=$PATH:/local/java/java_active/bin

5) Verify successful Java deployment

Log in to the shell again and execute the command shown below. Check that the output is similar to the following:

[root@eldoc.server.local /]# java -version
openjdk version "11.0.13" 2021-10-19 LTS
OpenJDK Runtime Environment Zulu11.52+13-CA (build 11.0.13+8-LTS)
OpenJDK 64-Bit Server VM Zulu11.52+13-CA (build 11.0.13+8-LTS, mixed mode)


3. MongoDB installation

3.1. MongoDB binaries installation

Installation using dnf repository manager (recommended)

Reference to the MongoDB website: https://www.mongodb.com/docs/v5.0/tutorial/install-mongodb-on-red-hat/

1) Create a repository config

nano /etc/yum.repos.d/mongodb-org-5.0.repo
/etc/yum.repos.d/mongodb-org-5.0.repo
[mongodb-org-5.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/5.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-5.0.asc

2) Install MongoDB packages

dnf install -y mongodb-org

3) Enable MongoDB Service

IMPORTANT: before launching the MongoDB process, make sure you have created and configured the MongoDB configuration file first (see below)

To enable the MongoDB service, execute the following command (the service itself is launched in section 3.3, once the configuration file is in place):

systemctl enable mongod

Installation using tarball

Reference to the MongoDB official documentation: https://www.mongodb.com/docs/v5.0/tutorial/install-mongodb-on-red-hat-tarball/

1) Install prerequisites

dnf install -y libcurl openssl xz-libs

2) Obtain the MongoDB tarball and extract its contents

tar -xvf mongodb-linux-x86_64-rhel80-5.0.16.tgz -C /local/
mv /local/mongodb-linux-x86_64-rhel80-5.0.16/ /local/mongo

3) Adjust limits after manual installation

Please review the MongoDB recommendations on adjusting the limits: https://docs.mongodb.com/manual/reference/ulimit/

IMPORTANT: before launching the MongoDB process, make sure you have created and configured the MongoDB configuration file first (see below)


3.2. Post-installation steps


3.3. Configuration and launch

1) Create MongoDB data directory by executing commands:

mkdir /local/mongoData && chown -R mongod:mongod /local/mongoData

2) Create MongoDB key-file:

openssl rand -base64 756 > /etc/mongod.key
chmod 400 /etc/mongod.key
chown mongod:mongod /etc/mongod.key

3) Create or edit MongoDB configuration file, which should look similar to the one provided below:

nano /etc/mongod.conf
/etc/mongod.conf
systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log
  logAppend: true

storage:
  dbPath: /local/mongoData
  journal:
    enabled: true

processManagement:
  timeZoneInfo: /usr/share/zoneinfo

net:
  bindIp: 0.0.0.0
  port: 27017

security:
  keyFile: /etc/mongod.key
# authorization: enabled

*Make sure that all paths are valid and that the mongod user has read-write access to them.

4) Launch MongoDB Service by executing command:

systemctl start mongod


3.4. Users creation

1) Launch MongoDB shell

To launch MongoDB shell execute the following command: mongosh

In case of manually deployed MongoDB - you may need to download and extract MongoDB Database Tools. Assuming that Database Tools were extracted to the MongoDB bin directory, you may launch MongoDB Shell manually executing the command: /local/mongo/bin/mongo

2) Create root user in MongoDB

use admin
db.createUser( {user: "root", pwd: passwordPrompt(), roles: [{role: "root", db: "admin"}]} )

3) Create elDoc application user

Follow the pattern of the db-name as shown below. Also see the NOTE in the beginning of this guide on choosing the right name instead of cidXXX.

db.auth("root")
use eldoc_cidXXX
db.createUser( {user: "cidXXX", pwd: passwordPrompt(), roles: [{role: "dbOwner", db: "eldoc_cidXXX"}]} )

Where cidXXX is an id of the elDoc DB user. Make sure that cidXXX used during DB creation is the same as the one stated in the elDoc config file (eldoc.conf)

4) Securely write down logins, db-names and passwords

5) Enable MongoDB authentication

Open the MongoDB configuration file and uncomment the following lines:

/etc/mongod.conf
...
security:
  authorization: enabled
...

6) Restart MongoDB service

systemctl restart mongod


4. elDoc dependencies installation & configuration

4.1. IDP dependencies installation

1) Download and install TessData

mkdir /local/tessData && cd /local/tessData
wget -O tessdata_best-4.1.0.zip https://github.com/tesseract-ocr/tessdata_best/archive/4.1.0.zip
unzip tessdata_best-4.1.0.zip
rm -f tessdata_best-4.1.0.zip

2) Respective adjustment to be made in the eldoc.conf file.

/local/elDoc/eldoc.conf
idp.tessdata.path=/local/tessData/tessdata_best-4.1.0


4.2. Full-text search service installation 

NOTE: This component provides full-text search functionality and is optional for deployment

1) Install prerequisites

dnf install lsof

2) Download and extract Apache Solr software

mkdir -p /local/_distr && cd /local/_distr
wget "https://www.apache.org/dyn/closer.lua/solr/solr/9.2.1/solr-9.2.1.tgz?action=download" -O solr-9.2.1.tgz
mkdir /local/solr && mkdir /local/solrData && mkdir /local/solrData/data && mkdir /local/solrData/logs
tar -zxvf solr-9.2.1.tgz -C /local/solr
ln -sfn /local/solr/solr-9.2.1/ /local/solr/solr
cp /local/solr/solr/server/solr/solr.xml /local/solrData/data/ && cp /local/solr/solr/server/solr/zoo.cfg /local/solrData/data/
cp /local/solr/solr/server/resources/log4j2.xml /local/solrData/

3) Deploy provided Solr Core configuration

cd /local/_distr && wget https://dms-solutions.co/downloads/configset_elDoc-v5.7.x_Solr-v9.0.x.zip
unzip configset_elDoc-v5.7.x_Solr-v9.0.x.zip
mv configset_elDoc-v5.7.x_Solr-v9.0.x/solrData/data/configsets /local/solrData/data/configsets
rm -rf configset_elDoc-v5.7.x_Solr-v9.0.x

4) Create user for Solr service

groupadd solr
useradd -gsolr -s/bin/bash -M solr
chown -R solr:solr /local/solrData

5) Install Solr service

nano /etc/systemd/system/solr.service
/etc/systemd/system/solr.service
[Unit]
Description=Apache Solr
After=syslog.target network.target

[Service]
Type=forking
User=solr
Restart=on-failure
LimitNOFILE=65000
LimitNPROC=65000
Environment="SOLR_INSTALL_DIR=/local/solr/solr"
Environment="SOLR_PID_DIR=/local/solrData/"
Environment="SOLR_HOME=/local/solrData/data"
Environment="LOG4J_PROPS=/local/solrData/log4j2.xml"
Environment="SOLR_LOGS_DIR=/local/solrData/logs"
Environment="SOLR_PORT=8983"
Environment="SOLR_MODULES=extraction"
Environment="SOLR_JAVA_MEM=-Xms512m -Xmx1g"
Environment="SOLR_REQUESTLOG_ENABLED=false"
Environment="SOLR_LOG_LEVEL=WARN"
PIDFile=/local/solrData/solr-8983.pid
WorkingDirectory=/local/solrData
ExecStart=/local/solr/solr/bin/solr start
ExecReload=/local/solr/solr/bin/solr restart
ExecStop=/local/solr/solr/bin/solr stop

[Install]
WantedBy=multi-user.target 

6) Enable and launch Solr service

systemctl daemon-reload && systemctl enable solr.service && systemctl start solr.service


4.3. Sync-service installation

NOTE: This component provides data synchronization between MongoDB and the full-text search service and needs to be installed only if the full-text search service was installed.

1) Download elDoc Java Mongo Connector

cd /local/_distr && wget https://dms-solutions.co/downloads/eldoc-jmc-1.4-service-distr.zip

2) Unzip and deploy required files

unzip eldoc-jmc-1.4-service-distr.zip
mv jmc /local/jmc && mv jmc.service /etc/systemd/system
mkdir /local/jmc/logs

3) Create user and group for running the sync service

groupadd jmc
useradd -gjmc -s/bin/bash -M jmc

4) Enable MongoDB replication

nano /etc/mongod.conf
/etc/mongod.conf
...
replication:
  replSetName: rs0
...

Restart MongoDB after adjusting the configuration, then log in to the MongoDB shell, initialize replication and create a user for the sync service:

mongosh
use admin
db.auth("root")
rs.initiate()
db.createUser( {user: "jmc", pwd: passwordPrompt(), roles: ["backup"]} )

Securely write down created user credentials

5) Adjust config and access rights for the config file as required

nano /local/jmc/config-eldoc.json

Adjust access rights for the sync service configuration

chmod 600 /local/jmc/config-eldoc.json
chown -R jmc:jmc /local/jmc/

6) Install and enable sync system service

Make necessary adjustments where required

chmod +x /local/jmc/jmc-service.sh
nano /etc/systemd/system/jmc.service
/etc/systemd/system/jmc.service
[Unit]
Description=elDoc Java Mongo Connector Service
After=syslog.target network.target mongod.service solr.service
Requires=mongod.service solr.service

[Service]
User=jmc
Type=forking
ExecStart=/local/jmc/jmc-service.sh
ExecStop=/bin/kill -s TERM $MAINPID
WorkingDirectory=/local/jmc
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

Once the sync service is configured, you may launch it by executing the following command:

systemctl daemon-reload && systemctl enable jmc.service && systemctl start jmc


4.4. Document conversion service installation

NOTE: This component is optional and provides online preview and document auto-filling functionality.

1) The office conversion service is installed using the standard Linux package manager

dnf install -y libreoffice-base libreoffice-writer libreoffice-math libreoffice-calc libreoffice-core libreoffice-draw libreoffice-emailmerge libreoffice-graphicfilter libreoffice-impress libreoffice-opensymbol-fonts libreoffice-data libreoffice-ure libreoffice-ure-common libreoffice-pyuno libreoffice-filters libreoffice-ogltrans libreoffice-pdfimport libreoffice-xsltfilter libreoffice-langpack-en libreoffice-langpack-ru libreoffice-langpack-uk libreofficekit libreoffice-headless

After executing the command above, the required packages will be installed in the system and automatically picked up by the elDoc system.


4.5. Reverse-proxy service installation

1) Add new repo

nano /etc/yum.repos.d/nginx.repo
/etc/yum.repos.d/nginx.repo
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

2) Install nginx reverse-proxy

dnf install nginx

3) Remove default configuration file

rm -f /etc/nginx/conf.d/default.conf

4) Create configuration for elDoc server by pasting the following content into the /etc/nginx/conf.d/eldoc.conf configuration file

nano /etc/nginx/conf.d/eldoc.conf

IMPORTANT: adjust parameters like (server_name, ssl_certificate, ssl_certificate_key) as required according to your environment.

/etc/nginx/conf.d/eldoc.conf
upstream eldoc {
    ip_hash;
    server localhost:8080 max_fails=1 fail_timeout=5s;
    #server node2.eldoc.local:8082 max_fails=1 fail_timeout=5s;
}

map $http_upgrade $proxy_connection {
  default   upgrade;
  ""        close;
}

map $cache $expires {
    1         30d;
    default   off;
}

map $cache $control {
    1         "public, no-transform";
}

map $uri $cache {
    ~*\.(ico|css|js|gif|jpe?g|png|tif?f|woff|ttf|otf|svg|woff2|eot)$    1;
}

server {

    listen                     443 ssl http2;
    server_tokens              off;
    server_name                eldoc.domain.com;

    ssl_certificate            /etc/nginx/cert/XXXXXX.crt;
    ssl_certificate_key        /etc/nginx/cert/XXXXXX.key;
    ssl_protocols              TLSv1.2 TLSv1.3;
    ssl_ciphers                HIGH:!aNULL:!MD5;

    client_max_body_size       100M;
    error_page                 404                 /404.xhtml;

    # Cache control settings
    expires                    $expires;
    add_header                 Cache-Control       $control;


    location / {
        proxy_pass             http://eldoc/;
        proxy_connect_timeout  600;
        proxy_send_timeout     600;
        proxy_read_timeout     600;
        send_timeout           600;
        proxy_http_version     1.1;
        proxy_set_header       Upgrade             $http_upgrade;
        proxy_set_header       Connection          $proxy_connection;
        proxy_set_header       Host                $host:$server_port;
        proxy_set_header       X-Real-IP           $remote_addr;
        proxy_set_header       X-Remote-IP         $remote_addr;
        proxy_set_header       X-Forwarded-Host    $host;
        proxy_set_header       X-Forwarded-Server  $host;
        proxy_set_header       X-Forwarded-Proto   $scheme;
        proxy_set_header       X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header       Proxy-IP            $remote_addr;
        proxy_set_header       Proxy-keysize       256;
    }
}

5) Adjust the default nginx config file and remove the default server blocks; the minimal content of the file is provided below

nano /etc/nginx/nginx.conf
/etc/nginx/nginx.conf
user nginx;
worker_processes 1;

error_log   /var/log/nginx/error.log;
pid         /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
     include             /etc/nginx/mime.types;
     default_type        application/octet-stream; 

     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include /etc/nginx/conf.d/*.conf;
}

7) Adjust firewall rules if required

firewall-cmd --permanent --add-service=https && firewall-cmd --reload

8) Enable and start reverse-proxy service

systemctl enable nginx && systemctl start nginx


4.6. Document online editing service installation

NOTE: This component is optional and provides online editing capabilities for the office documents.

The steps below describe how to install the community version of the online editing service.

Execute the following commands:

1) Binaries installation

The installation steps below are for the community (CODE) version. If you have purchased a CollaboraOnline license, please refer to the steps provided in the CollaboraOnline Portal.

Create CollaboraOnline CODE repo:

nano /etc/yum.repos.d/CollaboraOffice-CODE.repo
/etc/yum.repos.d/CollaboraOffice-CODE.repo
[CollaboraOffice-CODE]
name=CollaboraOffice-CODE
baseurl=https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos8
enabled=1

Import the repository signing key and install the packages:

wget https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos8/repodata/repomd.xml.key && sudo rpm --import repomd.xml.key
dnf install coolwsd CODE-brand

2) Install additional fonts set

dnf install -y liberation-fonts open-sans-fonts abattis-cantarell-fonts dejavu-sans-mono-fonts dejavu-serif-fonts google-noto-emoji-color-fonts google-noto-sans-cjk-ttc-fonts google-noto-sans-gurmukhi-fonts google-noto-serif-cjk-ttc-fonts jomolhari-fonts julietaula-montserrat-fonts liberation-mono-fonts liberation-sans-fonts liberation-serif-fonts lohit-assamese-fonts lohit-bengali-fonts lohit-devanagari-fonts lohit-gujarati-fonts lohit-kannada-fonts lohit-odia-fonts lohit-tamil-fonts lohit-telugu-fonts paktype-naskh-basic-fonts sil-abyssinica-fonts sil-nuosu-fonts sil-padauk-fonts smc-meera-fonts stix-fonts thai-scalable-waree-fonts

Then refresh the font cache and update the CollaboraOnline systemplate:

fc-cache -f -v
coolconfig update-system-template

3) Edit configuration file and adjust lines as per provided samples below

NOTE: Installation steps provided below assume that HTTPS-connections are terminated by nginx reverse-proxy and forwarded to coolwsd via HTTP.

Make the following adjustments to the coolwsd.xml configuration file (only for the parameters listed below).

nano /etc/coolwsd/coolwsd.xml
/etc/coolwsd/coolwsd.xml
<config>
    <!-- Optional: Add languages, e.g.: uk -->
    <allowed_languages desc="..." default="...">de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT uk ru</allowed_languages>

    <experimental_features desc="..." type="bool" default="false">false</experimental_features>
    <memproportion desc="..." type="double" default="35.0"></memproportion>

    <per_document desc="Document-specific settings, including LO Core settings.">
        <idlesave_duration_secs desc="The number of idle seconds after which document, if modified, should be saved. Disabled when 0. Defaults to 30 seconds." type="uint" default="30">0</idlesave_duration_secs>
        <autosave_duration_secs desc="The number of seconds after which document, if modified, should be saved. Disabled when 0. Defaults to 5 minutes." type="uint" default="300">0</autosave_duration_secs>
        <always_save_on_exit desc="On exiting the last editor, always perform the save, even if the document is not modified." type="bool" default="false">true</always_save_on_exit>

    <logging>
        <color type="bool">false</color>
        <file enable="true">
            <property name="path" desc="Log file path.">/var/log/coolwsd/coolwsd.log</property>

    <ssl desc="SSL settings">
        <enable type="bool" desc="..." default="true">false</enable>
        <termination desc="..." type="bool" default="true">true</termination>

    <storage desc="Backend storage">
        <wopi desc="..." allow="true">
            <alias_groups desc="..." mode="first">
                <host desc="elDoc Wopi host" allow="true">https://eldoc.domain.com:443</host>

    <admin_console desc="Web admin console settings.">
        <enable desc="Enable the admin console functionality" type="bool" default="true">false</enable>

    <quarantine_files desc="..." default="false" enable="true">
        <limit_dir_size_mb desc="..." default="250" type="uint">2048</limit_dir_size_mb>
        <max_versions_to_maintain desc="..." default="2" type="uint"></max_versions_to_maintain>
        <path desc="..." type="path" relative="true" default="quarantine">/local/cool/quarantine</path>
        <expiry_min desc="..." type="int" default="30">4320</expiry_min>

4) Edit service file

systemctl edit coolwsd.service
systemctl edit coolwsd.service
[Service]
ExecStart=
ExecStart=/usr/bin/coolwsd --version --o:sys_template_path=/opt/cool/systemplate --o:child_root_path=/local/cool/child-roots --o:file_server_root_path=/usr/share/coolwsd
ReadWritePaths=/local/cool /var/log/coolwsd

5) Create required folders and set permissions

mkdir /local/cool && mkdir /local/cool/quarantine && chown -R cool:cool /local/cool && chmod -R 770 /local/cool

6) Create logs folder

mkdir /var/log/coolwsd && chown cool:cool /var/log/coolwsd

7) Enable & Start service

systemctl daemon-reload && systemctl enable coolwsd && systemctl start coolwsd

8) Update Nginx rules

nano /etc/nginx/conf.d/eldoc.conf

Add the following lines at the bottom of the server{} section:

/etc/nginx/conf.d/eldoc.conf
server {
    location / {
        ...
    }

    # CollaboraOnline Config
    include snippets/coolwsd.conf;
}

Edit the coolwsd.conf snippet configuration file to look as follows (leave only the lines shown in the config below, and replace http://localhost:9980 with http://127.0.0.1:9980):

nano /etc/nginx/snippets/coolwsd.conf
/etc/nginx/snippets/coolwsd.conf
    # static files
    location ^~ /browser {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/cool/(.*)/ws$ {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/cool {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $http_host;
    }

Restart nginx

systemctl restart nginx

10) Adjust elDoc configuration file

Make the respective adjustments in the eldoc.conf file as per the example below:

wopi.host.discovery=http://127.0.0.1:9980
wopi.host.iframe=https://eldoc.domain.com:443


5. elDoc installation & configuration

1) Extract obtained elDoc distribution archive

Extract elDoc archive into /local/elDoc folder

2) Create user for running elDoc server

NOTE: replace username cidXXX with the provided name (if any), or use some meaningful username, e.g.: eldoc for PROD, qa01 for QA, dev01 for DEV etc.

groupadd eldoc
useradd -geldoc -s/bin/bash -M cidXXX
chown -R cidXXX:eldoc /local/elDoc

3) Edit elDoc configuration file in order to configure the elDoc system

nano /local/elDoc/eldoc.conf
chmod 600 /local/elDoc/eldoc.conf

4) Edit elDoc system service file and replace respective parameters (e.g.: User=cidXXX) where required

nano /local/elDoc/eldoc.service 

5) Install elDoc as a linux service

mv /local/elDoc/eldoc.service /etc/systemd/system/
systemctl enable eldoc

6) Adjust file attributes on the server launch script

chmod +x /local/elDoc/elDoc-server.sh

7) Start elDoc server

systemctl start eldoc

8) Initial login to the elDoc system and administrator user creation

In order to perform the initial login to the elDoc system, you need to enable "elDoc maintenance mode" by making the necessary adjustments in the eldoc.conf file. Once the admin user is created in the elDoc system, you need to disable "elDoc maintenance mode".

9) elDoc configuration after first login

Make sure to complete elDoc configuration (via the Administration → Configuration page) after first login to the system.
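
A post-deployment check of the access controls set in sections 3.3, 3.4, 4.3 and 5 (key-file and configuration-file modes, MongoDB authorization), added here as an example; it is not part of the original guide or of the elDoc distribution. The function names, the root-prefix argument and the sample tree are assumptions of this example; the paths and modes are the ones used in the steps above.

```bash
#!/usr/bin/env bash
# Added example: checks the file modes and MongoDB settings this guide sets.
# The root-prefix argument and the sample tree are assumptions of the example.

# Print the value of an uncommented "KEY: value" line nested under the
# top-level "SECTION:" of a mongod.conf-style YAML file (empty if absent).
conf_get() {
    [ -r "$1" ] || return 0
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*#/ { next }                       # commented-out setting
        /^[^ \t]/  { cur = $0; sub(/:.*/, "", cur); next }
        cur == sec {
            line = $0
            sub(/[ \t]+#.*$/, "", line)           # trailing comment
            sub(/[ \t]+$/, "", line)              # trailing whitespace
            if (match(line, "^[ \t]+" key ":[ \t]*")) {
                print substr(line, RSTART + RLENGTH); exit
            }
        }' "$1"
}

# Succeed only if FILE exists with exactly the octal MODE set via chmod.
check_mode() {
    local got
    got=$(stat -c '%a' "$1" 2>/dev/null) || got=missing
    if [ "$got" = "$2" ]; then echo "OK   $1 mode $got"; return 0; fi
    echo "FAIL $1 mode $got, expected $2"; return 1
}

# Audit the tree under ROOT (empty string = live system); returns 1 on FAIL.
audit_eldoc() {
    local root="${1:-}" rc=0 conf key auth bind
    conf="$root/etc/mongod.conf"
    key=$(conf_get "$conf" security keyFile)
    auth=$(conf_get "$conf" security authorization)
    bind=$(conf_get "$conf" net bindIp)
    check_mode "$root${key:-/etc/mongod.key}" 400 || rc=1
    if [ "$auth" = enabled ]; then echo "OK   security.authorization is enabled"
    else echo "FAIL security.authorization is not enabled in $conf"; rc=1; fi
    # Informational only: the guide's sample config binds to every interface.
    [ "$bind" != 0.0.0.0 ] || echo "WARN bindIp is 0.0.0.0: limit access to port 27017"
    check_mode "$root/local/elDoc/eldoc.conf" 600 || rc=1
    # The sync service (section 4.3) is optional; check it only if deployed.
    [ ! -d "$root/local/jmc" ] || check_mode "$root/local/jmc/config-eldoc.json" 600 || rc=1
    return $rc
}

# Constructed sample: the state after section 3.3 (authorization still
# commented out) with the chmod on the sync-service config skipped.
make_sample() {
    mkdir -p "$1/etc" "$1/local/elDoc" "$1/local/jmc"
    printf '%s\n' 'net:' '  bindIp: 0.0.0.0' '  port: 27017' '' 'security:' \
        '  keyFile: /etc/mongod.key' '# authorization: enabled' > "$1/etc/mongod.conf"
    : > "$1/etc/mongod.key";              chmod 400 "$1/etc/mongod.key"
    : > "$1/local/elDoc/eldoc.conf";      chmod 600 "$1/local/elDoc/eldoc.conf"
    : > "$1/local/jmc/config-eldoc.json"; chmod 644 "$1/local/jmc/config-eldoc.json"
}

# With an argument ("/" for the live system) that root is audited; with no
# argument the constructed sample is audited and reports two FAIL lines.
if [ $# -gt 0 ]; then
    audit_eldoc "${1%/}"
else
    tmp=$(mktemp -d) && make_sample "$tmp"
    audit_eldoc "$tmp" || echo "=> sample tree does not match the guide (as constructed)"
    rm -rf "$tmp"
fi
```

The check covers file modes and configuration values only; ownership (mongod, jmc, cidXXX) is not verified.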

Last modified: August 06, 2023